<?php
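// Login endpoint: checks the posted pseudo/password pair against the
// Utilisateur table and answers with the literal body "1" (session opened)
// or "0" (rejected). If the statement cannot be prepared, nothing is printed.
session_start();

// Both fields must be present and must be plain strings. A request such as
// login[]=x would otherwise pass an array to bind_param() and md5().
$pseudo = $_POST['login'] ?? null;
$password = $_POST['pass'] ?? null;
if (!is_string($pseudo) || !is_string($password)) {
	echo "0";
	exit;
}

// NOTE(review): the database credentials are hard-coded and use the root
// account. Load them from configuration kept outside the web root and connect
// with an account limited to the rights this script needs.
define("HOST", "localhost");
define("USER", "root");
define("PASSWORD", "root");
define("DATABASE", "LesMotsALaPelle");
$mysqli = new mysqli(HOST, USER, PASSWORD, DATABASE);

// The pseudo is bound as a parameter, never concatenated into the SQL text.
if ($stmt = $mysqli->prepare("SELECT id, pseudo, motDePasse, statut FROM Utilisateur WHERE pseudo = ? LIMIT 1")) {
	$stmt->bind_param('s', $pseudo);
	$stmt->execute();
	$stmt->store_result();
	$stmt->bind_result($user_id, $username, $db_password, $statut);
	$stmt->fetch();

	// NOTE(review): unsalted MD5 is not a password hash. It is kept here only
	// because the motDePasse column already stores MD5 digests; migrate the
	// column to password_hash()/password_verify().
	// The digest is computed whether or not a row was found, as before.
	$password = md5($password);

	if ($stmt->num_rows == 1) {
		// hash_equals() compares the two digests as strings and in constant
		// time. The previous loose "==" compared digests of the form
		// "0e<digits>" as numbers, so two different digests could be equal.
		$passwordMatches = hash_equals((string) $db_password, $password);

		// A statut of 0 is refused even when the password is correct.
		if ($passwordMatches and $statut != 0) {
			// Issue a fresh session id at the privilege change so an id
			// known before login cannot be reused afterwards.
			session_regenerate_id(true);

			// Keep only the expected characters before storing in the session.
			$user_id = preg_replace("/[^0-9]+/", "", $user_id);
			$_SESSION['user_id'] = $user_id;
			$username = preg_replace("/[^a-zA-Z0-9_\-]+/", "", $username);
			$_SESSION['login'] = $username;
			$_SESSION['statut'] = $statut;
			$_SESSION['connect'] = true;
			echo "1";
		}
		else {
			echo "0";
		}
	}
	else {
		// Unknown pseudo: same answer as a wrong password.
		echo "0";
	}
}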
?>